Paradox
©
Fisana

Jump to content


Photo
* * * * * 1 votes

OTP: Uncrackable Encryption with Pencil and Paper; For Email or Text, Too!


  • Please log in to reply
4 replies to this topic

#1 TVCasualty

TVCasualty

    Embrace Your Damage

  • OG VIP
  • 10,720 posts

Awards Bar:

Posted 03 June 2013 - 10:44 AM

OTP stands for "One Time Pad," a manual encryption method for secure written communications developed in 1919 and if done right is still as secure today as it was then. Recent developments in ubiquitous high-tech surveillnace have prompted me to revisit some old-school techniques that may be useful for regaining a semblance of privacy.

While it works, the catch is that it's tedious. But if you have to communicate and you need your communications to be 100% secure then you will either put up with the inconvenience of privacy or the interrogation room (your choice). Compared to the tedium of prison (or worse), it's a small price to pay but these days even small prices are too much for a lot of people; I hear otherwise smart people saying things on their cellphones that make me literally cringe and it's a laziness that some end up deeply regretting.

But anyway, back to the method.

OTP is especially good for long-term use since even if one of your keys is compromised, you only have one document exposed because each use of this approach calls for a new key. It's the "one time" part of the "One Time Pad." With digital encryption like PGP, if your key is compromised then someone can decrypt ALL the messages that were encrypted with that key, and that can get awkward.

To save time, I'll copy and paste (and give credit to) a writeup from a site that posted a how-to tutorial a few years back, and I recommend the site as a good place to browse for all sorts of interesting information. A lot of military personnel and LEOs hang there and exchange ideas and discuss tactics and such.

This is still a common tech; if you've ever turned on a shortwave radio and heard those strange Morse Code signals that don't seem to be real Morse Code, you were probably listening to OTP broadcasts from numbers stations.The following are all quotes taken from: http://www.itstactic...per-encryption/



The largest application of OTP has been on number stations; these unlicensed, mysterious shortwave radio stations began broadcasting during the Cold War and continue to this day. With a common, inexpensive hardware, an agent anywhere in the world can pickup a broadcast from their organization in an untraceable, uncrackable way. These stations often play musical introductions followed with either Morse code or voice recordings reading alphanumeric code. The Cornet Project has done an amazing job putting together 30 years of recordings of these stations and an informational booklet for free download. If you like spy games, be sure to check it out.

I’ll use the example of a Soviet spy. In Moscow, you are issued a tiny booklet of labeled random numbers sequences; this cryptographic key book is identical to one that number station operators have. You sew it into your suit and smuggle it into West Germany. While there, you purchase a shortwave radio and, in the privacy of your flat, listen to the predetermined time and frequency. After a series of beeps, you hear the jingle of music that verifies you are listening to the correct station.

A Russian voice comes on and gives you eight numbers (shown in the table below). Using the first two to identify which code to use, you combine your encrypted message with your key to decode the name of your contact, “Egorov”. You rip out the key booklet page and throw it in your fireplace.
Here is the example from above in math form. The encrypted text is what came over the radio, the key is what was in your book.

grab1.jpg

You take your encrypted text (01-03-09-07-24-11) and add the key from your book (04-04-06-11-17-11). Notice that position five the cipher text and the key sum to 15, not 41. Because there are only 26 letters, it “rotates” around to become 15 (24+17=41. 41-26=15). The encryption process at the number station simply took the message (EGOROV) and subtracted their random key from it, using the same rotating method for negative numbers.
If the key is scientifically random, in theory, the code is impossible to crack. This is because there is no correlation between how the first E is encrypted and the fifth, and a three letter code could just as easily be “CAT” or “DOG”.

An OTP key is used only once, and has a key as long as the message; if a key is reused, it is possible to mount a computational attack and crack it.
Done properly, no previous messages are compromised if a single key is broken (unlike AES or PGP). Furthermore, by keeping the entire process on paper, you minimize the number of mechanism that need to be secure, and thereby reduce the attack vectors.

With five minutes of training, you can apply this same system to your IM conversations, email, shortwave radio stations or SMS.

Lastly, humans intuitively understand how to hide and secure things, but only conceptually understand firewalls and SSL.
A limitation of OTP is that there’s a finite number of messages that can be sent before a new set of keys need to be exchanged. Furthermore, the key exchange has to happen out-of-band and typically in person; this makes the system more inconvenient compared to PGP or AES for computer network communications. Understanding these limitations and advantages, you can build out your own cryptographic implementation easily.


Building Your Own System

Step 1 – Decide on an Alphabet

First we need to figure out how to interpret decrypted messages as English. Often messages are converted into using numbers for their ease-of-calculation in OTP. Numbers don’t have to represent just letters, as in the previous example, but also numbers, symbols, words, and syntax. While this the alphabet is not sensitive, per se, it’s usually kept with your keys. Here is an example alphabet I’ve created for text messages.

grab2.jpg

Step 2 – Generate Your Key Book

Now we need to generate your key book to smuggle into West Germany. Unlike Hoover’s CIA, generating 10,000 new scientifically random numbers doesn’t take a room full of agents rolling dice for a week. RANDOM.org is a free service run by the computer science department at Trinity College in Dublin, Ireland; their random numbers are generated from atmospheric noise, and is as close an approximation to random numbers as you can get without a chunk of uranium and a Geiger counter.

Use their SSL-encrypted integer generator to collect your encryption keys. The safest ways to collect these are using Firefox Private Browsing Mode, Google Incognito‘s window, or encrypt your hard-drive. If you use spreadsheet software like Excel, be sure to disable autosaving if your hard-drive is unencrypted. Print this and give it to your comrade, preferably on a printer without secret serial number dots.
When you’re done, your key book will have pages of labeled two-digit numbers.

grab3.jpg

Step 3 – Transmit

When you transmit, you have lots of options available to you today your granddaddy didn’t. Your globally-connected encrypted pocket radio (cell phone) and SMS are fantastic systems, albeit expose your geographic location to the service provider. If you want to transmit a message to many people/agents, a Twitter or Blogger account posted to via Tor or a pre-paid cellphone create the modern day equivalent of a number station. In fact, there is at least one known bot net coordinated via an anonymous Twitter account (not encrypted, however).

That’s it, no more tools or training is required. While OTP certainly has its limitations, under the right circumstance it can outperform more sophisticated (and more difficult) cryptographic systems. Anyone with five minutes of training and a piece of paper can use the same tools the CIA, KGB, and Mossad use to conduct operations abroad. It’s up to you to learn how to apply these in your own situation, but remember that many times, the simplest tool in your arsenal is the most powerful.



Well there you have it. It's actually a lot easier that it seems at first. Just remember to only use a given key ONCE. And use a different key to respond to a message than the one used to send the message being responded to. It might be a good idea to generate many pages of keys and assign each page a code, then exchange them with your associates all at once. Then you can even use a secondary code for communicating which key to use, further complicating any attempts at cracking even if someone gets your key book.
  • Sidestreet, Lakegal7 and Cigarsam like this

#2 mate0x

mate0x

    st0ned

  • OG VIP
  • 4,607 posts

Awards Bar:

Posted 03 June 2013 - 10:59 AM

OTP will be used with quantum entanglement in the next decade to produce truly secure communications, should be neat.

Good article man.

#3 TVCasualty

TVCasualty

    Embrace Your Damage

  • OG VIP
  • 10,720 posts

Awards Bar:

Posted 04 June 2013 - 08:43 AM

OTP will be used with quantum entanglement in the next decade to produce truly secure communications, should be neat.

Good article man.


It's kind of fascinating that just as we reach a point where near-total surveillance is possible, technologies like quantum cryptography and 3D printing emerge that makes surveillance and control moot, if not impossible. The inscrutability of Chaos is second only to that of God (which is why I'm such a big fan, and frankly "Chaos" and "God" seem to me like two names for the same mystery).

About the only thing that can stop us now is a large-scale and focused effort to dumb-down and propagandize the general public so as to be cognitively unable to put these technological advances to privacy and freedom-promoting uses, and sure enough that's exactly what appears to be going on in the world of mass media and education.

But back to the topic at hand...

Above all, the most important thing about a secure method of communication is to have it set up in advance of any need to use it.


So there's no reason why we can't make up some pads and exchange them with our trusted friends and family to hold on to "just in case." Depending on the circumstances there might not be time or opportunity to meet and exchange them in person should the need suddenly and unexpectedly arise, or as has happened in other countries internet access can be cut just when it's needed most. It might be a matter of life and death to be able to send out a secure text or email to everyone you know informing them of where to go in the event of mass civil unrest or whatever. And it's not only government snoops who can hack cellphones and eavesdrop or read texts; if you send directions or coordinates on unsecure networks there's no telling who might show up to meet you. If the net is down but voice lines or cell networks are up OTP can still be used by speaking the numbers whereas PGP and other digital methods would be useless.

There might be other times when it'd be helpful to be able to coordinate your story with someone else's so they match without anyone else being able to prove that that's what you did. And so on and so forth... But it's still the case that the advantages of secure communications can only be realized if we put up with the inconvenience of securing them, and that's something that has to be anticipated before it's actually needed.

Fortunately this is one of those few instances where a relatively minor amount of effort spent learning a skill now can have potentially enormous consequences in the future should we ever need it.
  • Sidestreet likes this

#4 CatsAndBats

CatsAndBats

    [^._.^]ノ彡 & /|\( ;,;)/|\

  • OG VIP
  • 8,109 posts

Awards Bar:

Posted 06 February 2017 - 10:33 AM

bump, because safety of our members.


Edited by catattack, 06 February 2017 - 10:34 AM.

  • TVCasualty and Lakegal7 like this

#5 TVCasualty

TVCasualty

    Embrace Your Damage

  • OG VIP
  • 10,720 posts

Awards Bar:

Posted 07 February 2017 - 03:35 PM

I'd make it a Pinned thread if I could.

 

One point worth stressing is the importance of using truly random numbers (pseudorandom isn't good enough for this). Thanks to modern processing speeds, anything less is subject to cracking. Granted, you'd have to get the attention of an individual, group, or agency with the knowledge and resources necessary to accomplish this and if you have attracted attention like that then you already have a serious problem regardless of whether your OTP is cracked (but it'd become a much bigger problem if it is cracked).

 

In a nutshell, don't use a deterministic device to attempt to generate randomness! That includes "random number generators" that run as software on a computer.

 

From Wikipedia:

 

 

Since much cryptography depends on a cryptographically secure random number generator for key and cryptographic nonce generation, if a random number generator can be made predictable, it can be used as backdoor by an attacker to break the encryption.

 

The NSA is reported to have inserted a backdoor into the NIST certified cryptographically secure pseudorandom number generator Dual_EC_DRBG. If for example an SSL connection is created using this random number generator, then according to Matthew Green it would allow NSA to determine the state of the random number generator, and thereby eventually be able to read all data sent over the SSL connection.[13] Even though it was apparent that Dual_EC_DRBG was a very poor and possibly backdoored pseudorandom number generator long before the NSA backdoor was confirmed in 2013, it had seen significant usage in practice until 2013, for example by the prominent security company RSA Security.[14] There have subsequently been accusations that RSA Security knowingly inserted a NSA backdoor into its products, possibly as part of the Bullrun program. RSA has denied knowingly inserting a backdoor into its products.[15]

 

It has also been theorized that hardware RNGs could be secretly modified to have less entropy than stated, which would make encryption using the hardware RNG susceptible to attack. One such method which has been published works by modifying the dopant mask of the chip, which would be undetectable to optical reverse-engineering.[16] For example, for random number generation in Linux, it is seen as unacceptable to use Intel's RdRand hardware RNG without mixing in the RdRand output with other sources of entropy to counteract any backdoors in the hardware RNG, especially after the revelation of the NSA Bullrun program.[17][18]

 

In 2010, a U.S. lottery draw was rigged by the information security director of the Multi-State Lottery Association (MUSL), who surreptitiously installed backdoor malware on the MUSL's secure RNG computer during routine maintenance.[19] During the hacks the man won a total amount of $16,500,000 by predicting the numbers correct a few times in year.

 

Source: https://en.wikipedia...mber_generation

 

For those who might be interested in the arcane details about the difficulty of generating true random numbers these two pages are a good place to start:

 

http://softwareengin...-random-numbers

 

https://www.reddit.c...generate_truly/

 

 

Granted, for most people in most cases, less-than-ideal methods of generating the numbers will generally be good enough, though I would still take care to avoid any that depend on computer hardware to generate them (i.e. directly, like the example of Dual_EC_DRBG in the Wiki quote above) but several pseudorandom number generators are considered cryptographically secure (i.e. "good enough" for most cases).

 

While they're software-based (deterministic) and run on your computer (deterministic), they don't rely on the computer or software alone to generate the numbers (they require some sort of external output to "seed" the generator; the seed value is then used with the algorithm to generate the numbers, basically). The need for "seeding" is the vulnerability of such approaches because in a deterministic context (your computer), if you know the seed value you can reproduce the sequence of "random" numbers generated (hence "pseudo" random). The crypto-secure approaches just make that really difficult (but not impossible) to do.

 

Here's a handy list of such generators: https://en.wikipedia...mber_generators

 

Secure approaches are also considered painfully slow (the price of security is lots of tedious inconvenience, after all), but that's only when they're used in modern high-tech contexts requiring a very large number of (pseudo)random numbers (like securing the Internet). Faster algorithms are less-secure, but are "good enough" for non-secure tasks (science experiments, gaming). However, for making One Time Pads they're plenty fast as we only need a few such numbers, relatively speaking (just don't make the mistake of using the faster but less-secure methods!).

 

Remember the news story about some researches who hacked a Jeep Wrangler? They succeeded because the system's designers overlooked one tiny little detail in how the Jeep's computer generated the "random" numbers used to create a "random" password for each vehicle (oops!).

 

A quote from the comments on the Reddit page linked above explains it well (emphasis mine):

 

 

You can use other sources, like the timing of packets over the network, but even that can be difficult. The difficulty of collecting initial entropy or a seed for a pseudo RNG is the cause of many security problems.

 

A while ago there was a story about some people who hacked into a Jeep remotely. The Jeep generated a "random" password to stop people from logging in. The problem is that the seed was the time of day when the car was first turned on. When the car was first turned on it always came up with the time set to 1970 Jan 1 00:00:00.000 there was only a tiny variation in how quickly the computer booted as a source of entropy, so there were only six possible passwords.

 

That's not just an "oops," that's firmly in "major fuckup" territory. And that mistake was made by "experts" in the field who were working for a major corporation with vast resources!

 

 

 

 

All of that complicated stuff above starts to make this topic seem highly technical and so too challenging for most people to bother with, but that is NOT the case with the One Time Pad method itself. The arcane stuff only concerns the challenges of generating the random numbers one uses and the pitfalls of going about it improperly.

 

There are completely manual/analog methods for doing this that are far too slow for most contexts but work okay for OTPs such as flipping coins, rolling dice, or using a roulette wheel (though those would have to be considered "good enough" at best due to potential biases caused by things like an imperfect distribution of weight in a coin, thereby causing it to land on "heads" slightly more often than 50% of the time, for example). And you have to flip that coin or roll that (etc.) die many, many times (yawn).

 

I think these details are important to at least have a basic understanding of because that understanding helps us avoid creating a false sense of security by using the wrong kind of number generator (since "random" isn't necessarily random enough).

 

It's like something I saw on a coffee mug years ago that stuck with me: If you know "how," you'll always have a job. But if you know "why," you'll always be the boss! (it was on the bosses' mug, lol...). When it comes to your own personal privacy, you have to be the "boss" since no one else is going to give a damn.






Like Mycotopia? Become a member today!